11-15-2020 01:25 AM
Hi everyone,
We have some Cisco 3750X switches with port security enabled on all access ports. It has happened a few times that a port gets shut down due to a port security violation. After searching for the violated MAC, I found two different cases.
- There are two different points here.
Case A. Wrong MAC appears on a switch port: e.g. the MAC is physically connected to the Building "A" switch and it belongs to a phone or a printer or even a PC, but for some reason it appears on the Building B switch. In this case, we already have the device that has this MAC, but I don't know why it appeared on a different switch.
Case B. Non-existing MAC appears on a switch: e.g. the port gets shut down due to a port security violation, and when I search for the violated MAC I find that it belongs to a strange vendor (ATARI CORPORATION). We don't have any devices from this vendor.
------------
Example:
The violated MAC address is 00003600xxxx. Looking online, this MAC belongs to ATARI CORPORATION; I don't know this vendor. The port is directly connected to an HP computer.
#sho mac address-table address 00003600xxxx: shows nothing at all. That is different from case A, where this command shows the MAC address on the trunk port, and after tracing the MAC I eventually reach the correct switch.
--------
It happened another time, and the violated MAC address shows 00009e00xxxx, which belongs to a vendor called MARLI S.A. We also don't have any devices from this vendor.
--------
- What is the reason for case A and case B?
- Can this be a bug on the switch or the HP computer's NIC, or even a computer virus, or is it a real violation?
Thanks.
11-15-2020 02:40 AM
We are not sure at this stage what is causing the issue, since it may be the NIC cards used by the connected device.
You need to find the source that generates that MAC address and investigate.
When the MAC violation occurs, it surely mentions what the port is. If not, you need to look up the MAC address in the lookup format:
show mac address-table | in 0000.0c9f.f001
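The triage discussed so far in the thread (case A, case B, and the dotted lookup format), as an added example that is not part of any original post: it parses port-security violation syslog lines, classifies each MAC against an asset inventory, and prints the lookup command in the format the switch expects. The log lines, hostnames, inventory and the `triage` helper are constructed for illustration, and the regex assumes the switch hostname is the token just before the message mnemonic.

```python
import re

# Constructed sample syslog lines (not from the thread); hostnames, ports and MACs are made up.
SAMPLE_LOG = """\
Nov 15 01:02:03 bldg-b-sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0011.2233.4455 on port GigabitEthernet1/0/7.
Nov 15 01:09:41 bldg-b-sw1 %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.3600.0a0b on port GigabitEthernet1/0/12.
Nov 15 01:10:02 bldg-b-sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
"""

# Hypothetical asset inventory: MAC as 12 hex digits -> (device, switch it is cabled to).
INVENTORY = {"001122334455": ("printer-17", "bldg-a-sw3")}

VIOLATION = re.compile(
    r"(\S+) %PORT_SECURITY-2-PSECURE_VIOLATION: .*?"
    r"MAC address ([0-9A-Fa-f.:-]+) on port (\S+?)\.?$"
)

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a complete MAC address: {mac!r}")
    return digits

def cisco_format(mac):
    """Render a MAC in the dotted form that 'show mac address-table' prints."""
    d = normalize(mac)
    return ".".join((d[0:4], d[4:8], d[8:12]))

def triage(log, inventory):
    """Sort each violation into the thread's case A (known device, other switch) or case B."""
    findings = []
    for line in log.splitlines():
        m = VIOLATION.search(line)
        if not m:
            continue  # not a port-security violation message
        switch, mac, port = m.groups()
        device, home = inventory.get(normalize(mac), (None, None))
        if device is None:
            case = "B"      # MAC not in the inventory at all
        elif home != switch:
            case = "A"      # known device, seen on a switch it is not cabled to
        else:
            case = "local"  # known device on its own switch (e.g. moved between ports)
        findings.append({"switch": switch, "port": port, "case": case, "device": device,
                         "lookup": f"show mac address-table | in {cisco_format(mac)}"})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, INVENTORY):
        print(finding)
```
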
11-25-2020 12:40 AM
I do know the port and the violated MAC address; the MAC is different from the connected computer's NIC MAC.
Isn't this a bug on the switch?
Or is it 100% from the computer side?
11-25-2020 12:55 AM
Hello,
Do you have sticky MAC addresses configured, and if not, does the problem persist if you configure that?
switchport port-security mac-address sticky
11-30-2020 05:35 AM
Hi, yes, sticky is configured on all ports.